Debians sikkerhedsbulletin

DSA-1978-1 phpgroupware -- flere sårbarheder

Rapporteret den:

26. jan 2010

Berørte pakker:

phpgroupware

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2009-4414, CVE-2009-4415, CVE-2009-4416.

Yderligere oplysninger:

Flere fjernudnytbare sårbarheder er opdaget i phpgroupware, et webbaseret groupwaresystem skrevet i PHP. Projektet Common Vulnerabilities and Exposures har registreret følgende problemer:

CVE-2009-4414
En SQL-indsprøjtningssårbarhed blev fundet i authentication-modulet.
CVE-2009-4415
Flere sårbarheder i forbindelse med genneløb af mapper, blev fundet i addressbook-modulet.
CVE-2009-4416
Authentication-modulet er påvirket af en sårbarhed i forbindelse med udførelse af skripter på tværs af websteder.

I den stabile distribution (lenny) er disse problemer rettet i version 0.9.16.012+dfsg-8+lenny1.

I den ustabile distribution (sid) er disse problemer rettet i version 0.9.16.012+dfsg-9.

Vi anbefaler at du opgraderer dine phpgroupware-pakker.

Rettet i:

Debian GNU/Linux 5.0 (lenny)

Kildekode:: http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg.orig.tar.gz; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1.diff.gz; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1.dsc
Arkitekturuafhængig komponent:: http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-email_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core-base_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-calendar_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-addressbook_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-news-admin_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-manual_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-filemanager_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-preferences_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-admin_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-notes_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-doc_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi-doc_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-setup_0.9.16.012+dfsg-8+lenny1_all.deb; http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-todo_0.9.16.012+dfsg-8+lenny1_all.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.